← Back to Home

Privacy Policy

Last updated: January 13, 2025

1. What Information We Collect and Why

Billstash collects information through Google OAuth authentication to provide our service. This includes:

  • Account Information: Your name, email address, and profile picture from your Google account for authentication purposes.
  • Gmail Data (gmail.readonly scope): We access your Gmail with read-only permissions to search for emails matching your configured rules and download PDF/image attachments. We do not read, store, or access the content of your emails—only attachment files you configure us to extract.
  • Google Drive Data (drive.file scope): We create and manage files in a "Billstash" folder in your Google Drive. This scope only allows us to access files created by our application—we cannot read or modify your other Drive files.
  • Usage Data: Information about how you interact with our service, including sync history and preferences.

Only non-sensitive metadata is processed—we do not store email content, and attachments are processed according to your configured rules.

2. How We Use Your Information

We use your information solely for the following purposes:

  • Providing and maintaining the Billstash service
  • Authenticating your account and managing your subscription
  • Downloading and organizing attachments from your Gmail based on your rules
  • Saving extracted attachments to your Google Drive
  • Sending important service-related communications
  • Improving and optimizing our service through usage analysis
  • Fulfilling legal obligations

We do not use your data for advertising, marketing, or any purpose unrelated to providing the Billstash service.

3. How We Share Your Information

We do not sell, trade, or rent your personal data. We may share your information only in the following circumstances:

  • With Your Consent: When you explicitly authorize us to share information.
  • Service Providers: With third-party services that help us operate (e.g., Stripe for payments, cloud infrastructure providers). These providers are bound by confidentiality agreements.
  • Within Google's Infrastructure: Data accessed by Billstash remains within your Google account or on Google's secure servers.
  • Legal Requirements: When required by law, legal process, or to protect our rights and safety.
  • Business Transitions: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify you of any such change.

4. Data Retention

We retain your data according to the following policies:

  • Email Content: We do not store email content. Attachments are processed and saved to your Google Drive, not our servers.
  • Account Data: Retained while your account is active. Upon account deletion, we remove your data within 30 days.
  • Configuration Data: Your sync rules and preferences are stored in our database while your account is active.
  • Usage Logs: Anonymized usage logs are retained for up to 90 days for service improvement and debugging.
  • OAuth Tokens: Encrypted access tokens are stored securely and deleted upon account deletion or access revocation.

5. Data Security

We implement robust security measures to protect your data:

  • All data transmission uses TLS/SSL encryption
  • OAuth tokens are encrypted at rest
  • We rely on Google's infrastructure and security practices for Gmail and Drive access
  • Access to production systems is restricted and logged
  • Regular security reviews and updates

While we implement industry-standard security measures, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

6. Your Choices and Rights

You have the following rights regarding your data:

  • Access: Request a copy of the personal data we hold about you.
  • Deletion: Request deletion of your account and associated data.
  • Revoke Access: Revoke Gmail and Drive permissions at any time through your Google Account security settings.
  • Export: Export your data in a portable format.
  • Uninstall: Stop using the service at any time by revoking access and deleting your account.

To exercise these rights, contact us at support@billstash.io.

7. Children's Privacy

Billstash is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@billstash.io and we will take steps to delete such information.

8. Cookies

We use essential cookies to maintain your session and remember your preferences. We do not use tracking or advertising cookies. You can disable cookies in your browser settings, but this may affect service functionality.

9. Changes to This Privacy Policy

We may update this privacy policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.

10. Contact Us

If you have any questions about this privacy policy or our data practices, please contact us at support@billstash.io.

11. Google API Services User Data Policy Compliance

Billstash's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically, we commit to the following:

  • We only use Google user data for the purposes described in this privacy policy—to extract and organize email attachments.
  • We do not use Google user data for advertising purposes.
  • We do not sell Google user data to third parties.
  • We do not use Google user data to determine creditworthiness or for lending purposes.
  • We do not transfer Google user data to other applications or services except as necessary to provide the Billstash service or as required by law.
  • Human access to Google user data is limited to debugging, investigating abuse, or responding to user support requests, and only with user consent.